[geeklog-devel] Re: [geeklog-announce] Geeklog 1.3.8-1sr4 and 1.3.7sr5 security updates

Dirk Haun dirk at haun-online.de
Mon Jan 26 17:08:02 EST 2004


>How much longer do you plan on supporting 1.3.7?

I would prefer to drop it sooner rather than later (getting some of the
new fixes into the old code was a bit of a pain). If it weren't for me
running a 1.3.7 site myself ...

Once 1.3.9 is finally out, that will certainly be the end of the 1.3.7

>On that same note, what is the progress with 1.3.9? Are there any areas
>where you could use help getting the release out? I know you mailed a
>summary of things needed for 1.3.9 a couple months ago, what is the
>status of those?

Good question.

There's that tedious bit of work of having to review each and every
parameter that's passed in a POST or GET and applying COM_applyFilter to
it. I've already decided to leave the admin/*.php files for later. The
files in public_html are mostly done, although usersettings.php and
calendar.php are only half done and I haven't even started on the search
(i.e. actually the search class, as search.php doesn't include much code
any more).

And while reviewing the code, I keep finding little oddities and bugs
(two of which are fixed in today's security release). E.g. when deleting
a user, we leave quite a few things orphaned, i.e. with an owner_id that
doesn't exist any more (links, events, blocks, ...).

I also have an ever-increasing list of tiny "it would be extremely nice
to have" things - I guess I just have to cut short that list and try to
get through with the above.

bye, Dirk


